PRIVACY POLICY
CrossFit East Bay (“we,” “us,” or “our”) values and respects your privacy and is committed to protecting your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). This Privacy Policy outlines the types of information we collect, how we process that information, your rights as a data subject or consumer, and the measures we take to safeguard your personal data when you access or use our website located at crossfiteastbay.com (“Website”).
1. Commitment to Privacy and Data Protection
We are firmly committed to maintaining the privacy, integrity, and security of any personal data collected through our Website. We process personal data lawfully, fairly, and in a transparent manner, and we implement robust safeguards to prevent unauthorized access, disclosure, or misuse.
2. Scope of This Policy and Role as Data Controller
This Privacy Policy applies to all users of our Website and to all personal data collected through it. CrossFit East Bay is the data controller of any personal information you provide through the Website. If you reside in the European Economic Area (EEA) or the United Kingdom, we are responsible for determining the purpose and means of processing your personal information under GDPR.
This Privacy Policy does not apply to third-party websites, products, or services that may be linked to the Website.
3. Categories of Data Processed
We may collect and process the following categories of personal and technical information:
A. Usage Data
– IP addresses, browser types and versions
– Device type, operating system, and referral sources
– Dates/times of visits, page views, website navigation paths
– Session durations and clickstream data
B. Account Data
– User’s full name
– Billing and shipping address
– Email address
– Telephone number
C. Profile Data
– Workout history, attendance, scheduling preferences
– Purchase history, subscriptions
– Demographic information supplied by you
D. Communication Data
– Records of support queries
– Customer service messages
– Chat logs and correspondence history
E. Technical Data
– Device identifiers
– Locale and language preferences
– Browser configurations
– System timestamps and performance metrics
F. Transaction Data
– Payment details (securely tokenized or stored by authorized processors)
– Purchase records, invoices, and receipts
– Delivery dates and logistical details
G. Preference Data
– Marketing and newsletter opt-in/opt-out preferences
– Gym service interests and class selection history
– User feedback and responses to surveys or polls
4. Legal Bases for Processing
We process your personal data lawfully under the following bases:
– Consent: When you voluntarily opt in to marketing or newsletters.
– Contract: When data is needed to fulfill our contractual obligations (e.g., gym memberships or purchases).
– Legitimate Interests: When processing is necessary for our operations, and provided it does not override your rights (e.g., website analytics and fraud prevention).
– Legal Obligation: When required to do so by applicable laws and regulations.
5. Your Rights Under GDPR and CCPA
Data subjects under GDPR and consumers under CCPA are entitled to the following rights:
– Right of Access: You may request access to your personal data held by us.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data unless restricted by law.
– Right to Restriction: You may request limitation of processing under certain circumstances.
– Right to Data Portability: You may request your data in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to certain forms of processing based on legitimate interests or for direct marketing purposes.
– Right to Non-Discrimination (under CCPA): We will not deny services, charge different prices, or provide different quality based on the exercise of privacy rights.
To exercise any of the above rights, contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to ensure the security of your personal data, which include but are not limited to:
– End-to-end encryption (where applicable)
– Role-based access controls and strong password policies
– Regular data backups and secure cloud storage
– Ongoing staff training on privacy and data protection
– Vulnerability assessments and intrusion detection tools
7. International Transfers
Your personal data may be transferred to and processed in countries outside of your jurisdiction, including the United States. When international transfers occur, we implement appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission, and ensure all recipients comply with equivalent data protection obligations.
8. Data Retention
We retain personal data only as long as necessary for the fulfillment of its purpose, or as required by applicable law. We apply the following general data retention periods:
– Account and Profile Data: maintained for the duration of your membership or until you request deletion
– Transaction Data: retained for up to 7 years for legal compliance
– Communication Data: retained for a maximum of 3 years for quality assurance
– Marketing Preference Data: maintained until the user opts out
– Technical and Usage Data: retained for up to 2 years for analytical purposes
9. Cookie Policy
Our Website uses cookies and similar technologies to enhance user experience and functionality. Cookies we utilize fall under the following categories:
– Essential Cookies: Required for enabling core Website features, such as secure login and transactional operations.
– Functional Cookies: Remember user choices, such as preferred language and location.
– Analytics Cookies: Collect data on website usage, traffic sources, and content behavior.
– Performance Cookies: Track technical performance and help optimize the Website across devices.
10. Cookie Management and Compliance
When you visit crossfiteastbay.com, you are presented with a cookie banner that allows you to manage your consent preferences in compliance with both GDPR and CCPA requirements.
Users can also control or delete cookies through browser settings and opt out of third-party cookies used for targeted advertising.
11. Children’s Privacy
Our Website and services are not intended for or directed to children under the age of 13. We do not knowingly collect or solicit personal data from minors. If you believe that a child under 13 has provided us with personal data, please contact us at [email protected] and we will delete such data promptly.
12. Policy Updates
We may amend this Privacy Policy from time to time to reflect legal, regulatory, or operational changes. When updates occur, we will notify users via the Website or direct communication channels, as required.
Users are encouraged to review this policy regularly to stay informed about our data practices.
13. Contact
If you have any concerns regarding the processing of your personal data or you wish to exercise any of your data rights, please contact us:
Email: [email protected]
We are committed to protecting your privacy and ensuring compliance with the GDPR, CCPA, and all applicable data protection laws. If you require further assistance regarding your data rights or this Privacy Policy, do not hesitate to reach out to our privacy team.